CVE DATABASE / CVE-2006-6276
CVE-2006-6276
CVSS 6.8 · MEDIUM
Summary
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
CVSS 2.0 breakdown
| Base score | 6.8 (MEDIUM) |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | MEDIUM |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
Sun java system application serverSun java system web proxy serverSun java system web serverSun one application server
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://secunia.com/advisories/23186
- http://securitytracker.com/id?1017322
- http://securitytracker.com/id?1017323
- http://securitytracker.com/id?1017324
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1
- http://www.securityfocus.com/bid/21371
- http://www.vupen.com/english/advisories/2006/4793
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30662
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.